Andrew Gomez
Andrew Gomez is a security professional with a passion for security operations and red teaming. He is currently an Adversary Simulations Consultant at SpecterOps specializing in red teaming and network penetration testing. Andrew previously worked for the Department of Defense.
X/Twitter
@KingOfTheNOPs
Session
Chromium browsers on Windows like Chrome and Edge have adopted App-Bound Encryption to protect browser secrets, but attackers are still hungry and always find a way into the cookie jar. This talk dives into the internals of Chromium’s app-bound encryption mechanisms, revealing how a threat actor can extract sensitive data such as cookies and stored passwords while running as either a regular user or with SYSTEM privileges. We’ll walk through multiple proof of concept techniques for stealing browser secrets, highlight opportunities for detection and response, and show how this tradecraft plays out in real world post exploitation scenarios. And because one cookie is never enough, we’ll wrap up with a bonus: using stolen EntraID cookies to pivot into the cloud.